GHSA-68JQ-C3RV-PCRR graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation

The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries with many repeated fields sharing the same response name. An attacker can send a crafted query like hello hello hello ... with thousands of repeated fields, causing excessive CPU usage duri...

CVE-2026-27681

CVE-2026-27681 is an SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse caused by insufficient authorization checks. An authenticated user can submit crafted SQL statements to read, modify, and delete data, affecting confidentiality, integrity, and a...

EUVD-2026-22154

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

GHSA-9C4Q-HQ6P-C237 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

PT-2026-32835

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper neutralization of special elements used in an sql command SQL injection allows an authorized attacker to elevate privileges locally. SQL injection is a technique where an attacker...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.133 contained security vulnerabilities, which were caused by SQL identifier injections in the SQLiteConversationStore. These vulnerabilities could lead to unauthorized data...

PT-2026-33213

Name of the Vulnerable Software and Affected Versions graphql-go versions prior to 15.31.5 Description The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries containing numerous repeated fields that share the same response name. Specifically, t...

School-Management-System 安全漏洞

School-Management-System is a school management system developed by Lahiru Danushka. Version 1.0 of School-Management-System has security vulnerabilities. These vulnerabilities stem from SQL injection attacks, which could allow unauthorized or authenticated remote attackers to manipulate SQL quer...

PT-2026-32653

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

Chamilo SQL注入漏洞

Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0.0-RC.2 contains a SQL injection vulnerability. This vulnerability stems from SQL injection issues with the statistical AJAX endpoints. It may allow authenticated administrators to execute time-based bli...

SourceCodester Storage Unit Rental Management System 安全漏洞

The SourceCodester Storage Unit Rental Management System is an open-source system developed by SourceCodester, designed to help manage rental records for storage units and monitor those records. Version 1.0 of the SourceCodester Storage Unit Rental Management System contains a security...

CVE-2026-37590

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/managerent.php...

CVE-2025-65133

A SQL injection vulnerability exists in the School Management System version 1.0 by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information...

SourceCodester Storage Unit Rental Management System 安全漏洞

The SourceCodester Storage Unit Rental Management System is an open-source system developed by SourceCodester, designed to help manage rental records for storage units and monitor those records. Version 1.0 of the SourceCodester Storage Unit Rental Management System contains a security...

PT-2026-32632

CVE-2026-37591 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view details.php. https://t.co/zFz4555XYZ...

SourceCodester Online Employees Work From Home Attendance System 安全漏洞

SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

SourceCodester Patient Appointment Scheduler System 安全漏洞

The SourceCodester Patient Appointment Scheduler System is an open-source system developed by SourceCodester. Version 1.0 of the SourceCodester Patient Appointment Scheduler System contains a security vulnerability. This vulnerability stems from an SQL injection issue in the file...

PT-2026-32586

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cct search parameter being interpolated directly into a SQL query string via sprintf without sanitization or...

SourceCodester Patient Appointment Scheduler 安全漏洞

SourceCodester Patient Appointment Scheduler is an open-source patient appointment scheduling tool developed by SourceCodester. Version 1.0 of the SourceCodester Patient Appointment Scheduler contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the fi...